[pLog-svn] Request for comments on site-wide HTTP auth patch
Jesse Peterson
jesse.peterson at exbiblio.com
Wed Mar 22 05:36:47 GMT 2006
Hello everyone,
I've modified LifeType to have _very_ rough support for HTTP Auth for
anything that uses a Controller. This is pretty naughty in that it
limits any use of a Controller to an HTTP page with authentication but
it works well enough for my use. While I realize this probably won't be
useful to most of LifeType's users, I thought I'd submit it for review
and comments anyway. Thanks in advance for any reply!
Modified from release version 1.0.3 of LifeType:
Index: class/action/admin/adminaction.class.php
===================================================================
--- class/action/admin/adminaction.class.php (revision 4)
+++ class/action/admin/adminaction.class.php (working copy)
@@ -86,10 +86,12 @@
*/
function _getBlogInfo()
{
- $session = HttpVars::getSession();
- $sessionInfo = $session["SessionInfo"];
-
- $this->_blogInfo = $sessionInfo->getValue( "blogInfo" );
+ if (!$this->_userInfo)
+ $this->_getUserInfo ();
+
+ $users = new Users;
+ $this->_blogInfo = end ($users->getUsersBlogs
( $this->_userInfo->getId(), BLOG_STATUS_ACTIVE ));
+ unset ($unset);
}
/**
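Review bot: The added `unset ($unset);` in `_getBlogInfo()` names a variable that is never defined, so `$users` is never released; it should read `unset ($users);`, as `_getUserInfo()` does. On the line above, `$this->_userInfo->getId()` is called without checking that `_getUserInfo()` actually produced an object, which looks like a fatal error whenever the lookup fails; a guard such as `if (!$this->_userInfo) return;` after the `_getUserInfo ()` call would avoid that. `end()` takes its argument by reference, so the result of `getUsersBlogs()` should be assigned to a variable first. Taking the last element also silently chooses a blog for users who own several, where the old code used the one stored in the session, and that deserves a comment.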
@@ -98,9 +100,9 @@
*/
function _getUserInfo()
{
- $session = HttpVars::getSession();
- $sessionInfo = $session["SessionInfo"];
- $this->_userInfo = $sessionInfo->getValue("userInfo");
+ $users = new Users;
+ $this->_userInfo = $users->getUserInfo
( $_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'] );
+ unset ($users);
}
/**
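Review bot: `_getUserInfo()` reads `$_SERVER['PHP_AUTH_USER']` and `$_SERVER['PHP_AUTH_PW']` with no `isset()` check, so it is only safe while every caller has already passed through the `HttpAuthController` constructor. A guard such as `if (!isset ($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])) { $this->_userInfo = false; return; }` would make that dependency explicit instead of raising notices and passing nulls to `getUserInfo()`. Basic authentication resends the password with every request, and this replaces the session lookup, so the credential check presumably now runs against the user store on every page load and the site has to be served over TLS only. I would state both in the function's doc comment.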
Index: class/controller/controller.class.php
===================================================================
--- class/controller/controller.class.php (revision 4)
+++ class/controller/controller.class.php (working copy)
@@ -20,6 +20,8 @@
include_once
( PLOG_CLASS_PATH."class/action/actioninfo.class.php" );
include_once
( PLOG_CLASS_PATH."class/controller/resourceclassloader.class.php" );
+ // include_once( PLOG_CLASS_PATH."class/dao/users.class.php" );
+
//
// various constants that will come handy
//
@@ -39,6 +41,34 @@
//
$_plogController_forwardAction = array();
+ class HttpAuthController extends Object {
+ function HttpAuthController () {
+ include_once
( PLOG_CLASS_PATH."class/dao/users.class.php" );
+
+ if (!$this->suppliedCredentials ())
+ $this->requireAuthentication ();
+ else {
+ // check credentials
+ $users = new Users;
+ if( !$users->authenticateUser( $_SERVER
['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'] ))
+ $this->requireAuthentication
();
+ }
+ }
+
+ function requireAuthentication () {
+ header ('WWW-Authenticate: Basic
realm="LifeType"');
+ header ('HTTP/1.0 401 Unauthorized');
+ echo '<html><body><h1>AUTHENTICATION
REQUIRED</h1></body></html>';
+ exit;
+ }
+
+ function suppliedCredentials () {
+ return isset ($_SERVER['PHP_AUTH_USER']);
+ }
+ }
+
+
+
/**
* \ingroup Controller
*
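Review bot: `suppliedCredentials()` tests only `PHP_AUTH_USER`, yet the constructor then passes `$_SERVER['PHP_AUTH_PW']` to `authenticateUser()`; check both with `return isset ($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);`. Failed attempts fall straight through to `requireAuthentication()` without being logged or throttled, so nothing in this class limits or records repeated password guesses; at minimum the failure branch should write a log entry. PHP does not populate `PHP_AUTH_*` under some CGI/FastCGI setups, in which case every request gets a 401; that fails closed, but it is worth a comment. The class also has no doc block, unlike the `\ingroup Controller` comment that follows it.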
@@ -121,7 +151,7 @@
* @see FormValidator
* @see Validator
*/
- class Controller extends Object
+ class Controller extends HttpAuthController
{
var $_actionParam;
@@ -150,7 +180,7 @@
*/
function Controller( $actionMap, $actionParam =
DEFAULT_ACTION_PARAM ) {
- $this->Object();
+ parent::HttpAuthController ();
global $_plogController_actionMap;
if( !is_array($_plogController_actionMap))
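Review bot: Replacing `$this->Object();` with `parent::HttpAuthController ();` drops the `Object` constructor call entirely, because the `HttpAuthController` constructor added earlier in this patch never calls it. Adding `$this->Object();` as the first statement of `HttpAuthController()` keeps whatever initialisation `Object` performs. Since the parent constructor can `exit`, every `Controller`, including any that serve public pages or feeds, now ends the request before an action is dispatched when credentials are missing or wrong, and the constructor's doc comment should say so. The body of `Controller()` continues outside the hunk.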
Index: class/controller/admincontrollermap.properties.php
===================================================================
--- class/controller/admincontrollermap.properties.php (revision 4)
+++ class/controller/admincontrollermap.properties.php (working copy)
@@ -7,7 +7,7 @@
*/
// default action that is used if no other
- $actions["Default"] = "AdminDefaultAction";
+ $actions["Default"] = "AdminMainAction";
// after logging in, this is the action called
$actions["Login"] = "AdminLoginAction";
// this action is called after we have verified that the user is
valid